Naming things is hard.
nc caller.ecsc25.hack.cert.pl 5212
caller.py
import os import uuid def main(): FLAG = open("flag.txt", 'r').read().encode() arg = input("> ") blacklist = ['{', '}', ';', '\n'] if len(arg) > 10 or any([c in arg for c in blacklist]): print("Bad input!") return template = f""" #include <stdio.h> #include <string.h> char* f(){{ char* flag = "{FLAG}"; printf("%s",flag); return flag; }} void g(char* {arg}){{}} int main(){{ g(NULL); return 0; }} """ name = "test" source = f"/tmp/{name}.c" outfile = f"/tmp/{name}" open(source, 'w').write(template) os.system(f"export PATH=$PATH:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin && gcc {source} -o {outfile}") os.system(f"{outfile}") os.remove(source) os.remove(outfile) main()
Format flagi:
ecsc25{litery_cyfry_i_znaki_specjalne}.
W razie wątpliwości lub pytań dotyczących konkursu zapraszamy na naszego Discorda: https://discord.gg/gAtRKa2rcn.